SHA256: 61d49e4594358514557a0900bfbc2dab3e44fd7dc05b4a3fca18965def5618f7
File name: zbetcheckin_tracker_messg.jpg
Detection ratio: 17 / 69
Analysis date: 2019-02-12 10:32:12 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Acronis suspicious 20190207
AVG FileRepMalware 20190212
CAT-QuickHeal Trojan.Zenshirsh.SL7 20190212
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cylance Unsafe 20190212
eGambit Unsafe.AI_Score_77% 20190212
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.CNOG 20190211
Fortinet W32/Kryptik.GOUT!tr.ransom 20190211
Sophos ML heuristic 20181128
Microsoft Ransom:Win32/Troldesh.A 20190212
Qihoo-360 HEUR/QVM20.1.2D3C.Malware.Gen 20190212
Rising Ransom.Cerber!8.3058 (TFE:2:msoaiq1Yc8G) 20190211
SentinelOne (Static ML) static engine - malicious 20190203
Sophos AV Mal/Generic-S 20190211
Symantec ML.Attribute.HighConfidence 20190211
Trapmine malicious.high.ml.score 20190123
Ad-Aware 20190211
AegisLab 20190212
AhnLab-V3 20190211
Alibaba 20180921
ALYac 20190211
Antiy-AVL 20190212
Arcabit 20190211
Avast 20190212
Avast-Mobile 20190212
Avira (no cloud) 20190212
Babable 20180917
Baidu 20190201
BitDefender 20190212
Bkav 20190201
ClamAV 20190211
CMC 20190211
Comodo 20190212
Cybereason 20190109
Cyren 20190212
DrWeb 20190211
Emsisoft 20190211
F-Prot 20190212
F-Secure 20190212
GData 20190211
Jiangmin 20190212
K7AntiVirus 20190212
K7GW 20190211
Kaspersky 20190212
Kingsoft 20190212
Malwarebytes 20190211
MAX 20190212
McAfee 20190211
McAfee-GW-Edition 20190211
eScan 20190212
NANO-Antivirus 20190211
Palo Alto Networks (Known Signatures) 20190212
Panda 20190211
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190206
TACHYON 20190211
Tencent 20190212
TheHacker 20190203
TotalDefense 20190211
TrendMicro 20190211
TrendMicro-HouseCall 20190212
Trustlook 20190212
VBA32 20190212
ViRobot 20190211
Webroot 20190212
Yandex 20190212
Zillya 20190211
ZoneAlarm by Check Point 20190212
Zoner 20190211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 51.52.0.0
Description setip/Unikstall
Signature verification The digital signature of the object did not verify.
Signing date 9:19 PM 2/12/2019
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2019-02-12 09:53:46
Entry Point 0x000FD7C0
Number of sections 4
PE sections
Overlays
MD5 f242f613c370834aa13a962ac8d9855c
File type data
Offset 1124864
Size 3336
Entropy 7.34
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
CryptHashData
RegQueryValueExW
LookupAccountSidW
GetNamedSecurityInfoW
RegFlushKey
GetSidSubAuthority
ConvertStringSidToSidW
OpenProcessToken
RegEnumKeyW
SetTokenInformation
RegOpenKeyW
RegOpenKeyExA
CryptCreateHash
GetTokenInformation
DuplicateTokenEx
CryptReleaseContext
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
RegLoadKeyW
GetLengthSid
RegEnumKeyExA
CreateProcessAsUserW
CryptDestroyHash
SetEntriesInAclW
RegSetValueExW
CryptGetHashParam
RegEnumValueW
RegUnLoadKeyW
SetNamedSecurityInfoW
InitCommonControlsEx
GetEnhMetaFileA
PlayEnhMetaFileRecord
CreatePolygonRgn
GetTextMetricsW
CreateFontIndirectW
EngFillPath
SetICMMode
Rectangle
CLIPOBJ_cEnumStart
GetObjectA
DeleteDC
GetPixelFormat
CreateFontW
SetPixel
OffsetClipRgn
GetObjectW
BitBlt
CreateDIBSection
CreateCompatibleBitmap
GetDeviceCaps
EngMarkBandingSurface
SelectClipPath
EnumObjects
GetStockObject
SetViewportOrgEx
SetPixelFormat
EngPaint
AddFontResourceExA
CreateCompatibleDC
GetRasterizerCaps
DeleteObject
FlattenPath
EndPage
SelectObject
UpdateICMRegKeyA
GdiQueryTable
GetSystemPaletteUse
CreateSolidBrush
GetTextExtentPoint32W
GetTextCharacterExtra
SetSystemPaletteUse
GetVolumePathNameW
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
WaitForSingleObject
HeapDestroy
GetPrivateProfileSectionNamesW
CreateTapePartition
GetFileAttributesW
GetLocalTime
GetAtomNameW
DeleteCriticalSection
GetCurrentProcess
SetSystemTime
RtlZeroMemory
GetLocaleInfoA
LocalAlloc
EnumSystemLocalesW
ExitProcess
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
lstrcmpiA
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
GetTempPathW
FormatMessageW
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
GetOEMCP
LocalFree
HeapLock
GetExitCodeProcess
InitializeCriticalSection
LoadResource
GetLogicalDriveStringsW
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
SetFileAttributesW
GetCurrentThread
SetLastError
GetUserDefaultUILanguage
GetSystemTime
OpenThread
TlsGetValue
CopyFileW
lstrcpynW
OutputDebugStringW
RemoveDirectoryW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
lstrcmpiW
EnumCalendarInfoA
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
SetFilePointerEx
GetSystemPowerStatus
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
GlobalAddAtomW
CreateThread
GetSystemDirectoryW
MoveFileExW
GetSystemDefaultUILanguage
CreatePipe
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ClearCommError
ExitThread
SetEnvironmentVariableA
TerminateProcess
FindAtomW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
CreateEventW
SetEndOfFile
GetVersion
GetProcAddress
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
DeviceIoControl
GetVersionExW
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
FreeLibrary
CreateRemoteThread
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetStartupInfoW
ReadProcessMemory
GetCPInfo
DeleteFileW
GetUserDefaultLCID
AddAtomW
GetProcessHeap
GetTempFileNameW
GetComputerNameW
CompareStringW
lstrcpyW
GetFileSizeEx
GlobalReAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
lstrcmpA
FindNextFileW
WTSGetActiveConsoleSessionId
CreateDirectoryW
InterlockedIncrement
GetTimeFormatA
FreeConsole
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
GlobalLock
CreateFileMappingW
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
GetBinaryTypeW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetProcessTimes
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
lstrlenW
Process32NextW
CreateProcessW
SetupComm
FileTimeToLocalFileTime
SizeofResource
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
SetConsoleCursor
HeapSize
InterlockedCompareExchange
Process32FirstW
WritePrivateProfileStringW
SuspendThread
ExpandEnvironmentStringsW
RaiseException
CompareStringA
GetConsoleMode
FreeResource
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
PulseEvent
DeleteAtom
CloseHandle
OpenMutexW
lstrcpynA
GetACP
GetModuleHandleW
SetThreadExecutionState
GetFileAttributesExW
FindResourceExW
GetLongPathNameW
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
ResetEvent
SHBindToParent
SHQueryRecycleBinW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHPathPrepareForWriteW
Shell_NotifyIcon
ShellExecuteExA
SHGetPathFromIDListW
SHInvokePrinterCommandA
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteExW
SHGetMalloc
SHIsFileAvailableOffline
SHGetDesktopFolder
ShellAboutW
ExtractAssociatedIconW
SHGetSpecialFolderPathW
DragQueryFileAorW
SHGetFolderPathW
CheckEscapesW
DragFinish
ShellExecuteW
ExtractIconExW
CommandLineToArgvW
SHSetValueW
SHGetValueA
StrCmpNIW
PathIsSameRootW
SHSetValueA
PathIsDirectoryW
SHGetValueW
PathCompactPathW
StrToIntExW
wnsprintfW
ColorRGBToHLS
ColorHLSToRGB
PathAddBackslashW
StrFormatByteSizeW
StrCmpIW
PathStripToRootW
PathCombineW
PathRemoveExtensionW
PathStripPathW
StrStrIA
PathRemoveFileSpecW
StrChrW
StrCpyW
StrStrIW
PathAppendW
PathIsDirectoryEmptyW
StrCmpW
StrCmpNW
PathUnquoteSpacesW
PathFindFileNameW
StrCpyNW
StrRStrIA
PathSkipRootW
PathFileExistsW
PathFindExtensionW
SetFocus
GetForegroundWindow
SetWindowRgn
RegisterWindowMessageW
GetInputState
CharLowerBuffA
DrawStateA
MoveWindow
GetGuiResources
GetWindowContextHelpId
SetWindowPos
IsWindow
EndPaint
WindowFromPoint
VkKeyScanW
GetClipboardSequenceNumber
SetActiveWindow
GetDC
ReleaseDC
GetMenu
UnregisterClassA
AnyPopup
DlgDirSelectExW
GetClientRect
CreateAcceleratorTableW
AllowSetForegroundWindow
DrawTextW
LoadImageW
InSendMessage
CallNextHookEx
CopyAcceleratorTableA
GetActiveWindow
RegisterHotKey
OpenClipboard
GetWindowTextW
SendMessageCallbackW
EnumClipboardFormats
GetWindowTextLengthW
ScrollWindow
InvalidateRgn
DestroyWindow
GetParent
UpdateWindow
PostQuitMessage
SetClassLongW
EnumWindows
SendIMEMessageExW
GetMessageW
ShowWindow
DlgDirListComboBoxA
ValidateRect
GetClipboardOwner
PeekMessageW
EnableWindow
LoadIconW
TranslateMessage
IsWindowEnabled
GetWindow
CharNextExA
GetQueueStatus
RegisterClassW
OpenDesktopW
PackDDElParam
CharLowerA
LoadStringW
WindowFromDC
IsIconic
SetTimer
IsDialogMessageW
FillRect
MonitorFromPoint
CopyRect
WaitForInputIdle
DdeCreateDataHandle
GetDialogBaseUnits
CloseWindow
CreateWindowExW
GetWindowLongW
CharNextW
IsChild
MapWindowPoints
CharPrevA
GetMonitorInfoW
GetKeyboardLayoutNameA
BeginPaint
OffsetRect
DefWindowProcW
GetAltTabInfo
keybd_event
KillTimer
CharNextA
GetMonitorInfoA
ClipCursor
RegisterWindowMessageA
CheckMenuRadioItem
GetClipboardData
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
GetWindowRect
SetCapture
ReleaseCapture
EnumChildWindows
PostMessageW
MonitorFromRect
RedrawWindow
GetClassLongW
PtInRect
SetWindowTextW
GetDlgItem
GetMenuCheckMarkDimensions
BringWindowToTop
ClientToScreen
LoadIconA
GetKeyboardState
PostThreadMessageW
AttachThreadInput
DestroyAcceleratorTable
GetDesktopWindow
GetKeyboardLayout
LoadCursorW
EnumDisplaySettingsW
DispatchMessageW
SwitchToThisWindow
SetForegroundWindow
GetMenuItemInfoW
GetCaretBlinkTime
DrawTextExW
EndDialog
GetMessagePos
FindWindowW
GetCapture
ScreenToClient
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
IsWindowUnicode
LoadCursorFromFileA
LookupIconIdFromDirectoryEx
SendMessageTimeoutW
GetSysColor
SetDlgItemTextW
GetKeyState
IsCharAlphaNumericA
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
SetRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
ImpersonateDdeClientWindow
CallWindowProcA
IsMenu
GetFocus
GetKeyboardType
SetCursor
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoInitializeEx
CoGetClassObject
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
OleLockRunning
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
CoTaskMemAlloc
Number of PE resources by type
RT_STRING 20
RT_RCDATA 10
RT_GROUP_CURSOR 6
RT_CURSOR 6
RT_ICON 4
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 41
ENGLISH US 9
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileVersionNumber
51.52.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
setip/Unikstall

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
87040

EntryPoint
0xfd7c0

MIMEType
application/octet-stream

FileVersion
51.52.0.0

TimeStamp
2019:02:12 10:53:46+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
1036800

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 84307f2217068875dd710248c6f5fedf
SHA1 b50a577ae232e66e8efe1dc01aa0487bdb8143df
SHA256 61d49e4594358514557a0900bfbc2dab3e44fd7dc05b4a3fca18965def5618f7
ssdeep
24576:UfNSaxrTefKtVRl2heL+rY0wUOPLoEu0gGdWRiskxR18nDI3zzfyxCgo:Ulnr6fKtfkwDubGIRMN3zzSg

authentihash b677c61ea590a23654e058fabb16e5cb86b48d53e0a18ac497f02e5817db5681
imphash 6f60d0218cdf97b59795dd6babbcae24
File size 1.1 MB ( 1128200 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (9.3%)
OS/2 Executable (generic) (4.1%)
Generic Win/DOS Executable (4.1%)
Tags
peexe overlay

VirusTotal metadata
First submission 2019-02-12 10:32:12 UTC ( 1 month, 1 week ago )
Last submission 2019-02-12 20:19:25 UTC ( 1 month, 1 week ago )
File names csrss.exe
csrss.exe
61d49e4594358514557a0900bfbc2dab3e44fd7dc05b4a3fca18965def5618f7.exe
zbetcheckin_tracker_messg.jpg
messg.jpg
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections